The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. * Ingestion points: The skill is configured to read all HTML, JS, and CSS files in the repository using the '**/*.{html,js,css}' glob. * Boundary markers: There are no explicit instructions or delimiters to help the agent distinguish between its instructions and potentially malicious commands embedded within the reviewed code files. * Capability inventory: The agent is granted access to Read, Write, Edit, and Bash tools, providing a high-impact capability set. * Sanitization: No content validation or sanitization is performed on the files matched by the glob.
[COMMAND_EXECUTION]: The skill's memory protocol explicitly directs the agent to execute the 'cat' command via Bash to read '.claude/context/memory/learnings.md'.

html-tailwind-css-and-javascript-expert-rule